lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aKeevPJ0TDcp1T8W@google.com>
Date: Thu, 21 Aug 2025 22:33:32 +0000
From: Neill Kapron <nkapron@...gle.com>
To: Stephen Smalley <stephen.smalley.work@...il.com>
Cc: Paul Moore <paul@...l-moore.com>, Ondrej Mosnacek <omosnace@...hat.com>,
	kernel-team@...roid.com, selinux@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] selinux: enable per-file labeling for functionfs

On Thu, Aug 21, 2025 at 09:03:49AM -0400, Stephen Smalley wrote:
> On Thu, Aug 21, 2025 at 8:59 AM Stephen Smalley
> <stephen.smalley.work@...il.com> wrote:
> >
> > Did you confirm that functionfs is safe wrt genfscon-based and
> > userspace labeling, as per:
> > https://github.com/SELinuxProject/selinux-kernel/issues/2

Yes, I believe this is safe - FunctionFS is a filesystem which
exclusively exists in memory. The kernel creates an EP0 file to which
userspace writes usb endpoint descriptors to, and the kernel
sequentially creates the endpoint files for each descriptor.
.create/.link/.rename methods are not supported for the root directory
or any of the file inodes. So userspace can control the number of files
created in this directory, but does not have control of their naming or
anything else.

In Android, we further restrict permissions to the directory and control
endpoint EP0 to specific system processes. Our goal with this patch is
to maintain this restriction, while providing more permissive labels to
the endpoints created by the system process.

> >
> > Also as per that longstanding open issue, we'd welcome patches to
> > generalize the current hardcoded list of filesystem types to
> > instead lookup the filesystem type in the policy to see if it should
> > support genfscon and/or userspace labeling.
>

Unfortunately, that is outside my expertise at this time and I don't
have a solid understanding of how this would be accomplished.

> Also, do we need a new policycap to conditionally enable this new
> labeling behavior to avoid any regressions?
> See the corresponding checks for cgroup labeling and
> https://github.com/SELinuxProject/selinux-kernel/wiki/Getting-Started#adding-a-new-selinux-policy-capability

Thanks, I will send a V2 which adds a new policycap for this.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ